User Authentication
VERIFY PIN
This command is used to authenticate the user by verifying their PIN. A successful verification authenticates the session until the card is deselected, reset, or a signature command is performed.
def verify_pin(pin: str)
card.verify_pin(pin)
For example, verify_pin("123456789")
Application Protocol Data Unit (APDU) Components
The following table outlines the components of the Application Protocol Data Unit (APDU).
Field | Description | Value |
CLA | This field specifies the class of the instruction. | 0x80 |
INS | This field specifies the particular command or operation that the smart card or secure element should execute. | 0x20 |
P1 | First parameter of the instruction that specifies the details about the operation being requested. | 0x00 |
P2 | First parameter of the instruction that specifies additional details about the operation being requested. | 0x00 |
Data | PIN data (optional) | None, or the PIN (4–9 digits, zero-padded to 9) |
Â
📘 Note
- A Secure Channel must be established before issuing this command.
- Two modes of operation:
- Without data: Returns the number of remaining PIN retries (1 byte).
- With data: Verifies the PIN.
- PIN length must be 4–9 digits, zero-padded to 9 bytes if shorter.
- On success: The PIN is marked authenticated until the card is reset/power-cycled, the application is deselected, or a signature command is executed.
- On error: The retry counter decreases and the card returns 0x63Cx.
- On error: When retries reach 3 remaining, a power cycle is required before further attempts.
- On error: When retries reach 0, the PIN is blocked.
Â
Input Validation Rules
- PIN:
- Must be 4–9 numeric digits.
- If fewer than 9 digits, pad with 0x00 until 9 bytes total.
- No data case: Command simply queries the retry counter.
Â
Response
The following table outlines the possible responses that you will receive:
Response Code | Description |
0x9000 | PIN verified successfully. PIN is now authenticated for the session. The retry counter is reset. |
0x63Cx | Wrong PIN. x = remaining retries. |
0x63C0 | No retries left in this power cycle (PIN locked until reset). Even the correct PIN returns this code. If persists after the power cycle → PIN is blocked, must use UNBLOCK PIN. |
0x6700 | Incorrect data length (PIN not 4–9 digits or padding error). |
0x6986 | Card not initialized, no PIN provided, or PIN authentication disabled (via SetPinAuth). |